Privacy Policy

Last updated: April 8, 2026 · Apex Bridge Technology LLP · Republic of Kazakhstan

1. Who We Are

BugSpotter is a product of Apex Bridge Technology LLP, registered in the Republic of Kazakhstan, member of Astana Hub international technopark. This policy covers how we collect, use, and protect data when you use our website (bugspotter.io), SaaS platform (app.kz.bugspotter.io), demo instances, and SDK.

2. Data We Collect

2.1 Registration Data

When you register or request access, we collect:

• Organization name
• Contact email address
• Contact person name
• Phone number (optional)

This data is used solely to set up your instance and communicate with you about your account.

2.2 Bug Report Data (SaaS)

When your team uses the BugSpotter SDK or Chrome Extension, bug reports may include:

• Screenshots of the web page
• Session replay recordings
• Console logs
• Network request/response data
• Browser metadata (user agent, viewport, URL)

PII Redaction: The BugSpotter SDK automatically detects and masks personal data (emails, phone numbers, credit card numbers, IINs, IP addresses) in the browser before upload. Your servers — and ours — never receive the raw personal data.

2.3 Self-Hosted

If you self-host BugSpotter, no bug report data is sent to us. All data stays on your infrastructure. We only receive the data you provide during registration and support interactions.

3. Where Data Is Stored

SaaS data is stored on servers in the Republic of Kazakhstan. We use managed cloud services for PostgreSQL, Redis, and S3-compatible object storage. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

EU and US hosting regions are available on Enterprise plans upon request.

4. How We Use Your Data

• To provide and maintain the BugSpotter service
• To communicate with you about your account
• To respond to support requests
• To improve the product (aggregated, anonymized usage analytics only)

We do not sell, share, or disclose your data to third parties, except as required by law.

5. Data Retention

Bug report data is retained according to your plan's retention policy (configurable per project). Registration data is retained for the duration of your account. You may request deletion at any time.

6. Your Rights

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a standard format
• Withdraw consent at any time

To exercise these rights, contact us at privacy@bugspotter.io.

7. Cookies

Our website uses only essential cookies for authentication (httpOnly, secure). We do not use tracking cookies, analytics pixels, or third-party advertising cookies.

8. Incident Notification

In accordance with Kazakhstan Law No. 94-V (July 2024 amendment), in the event of a personal data breach, we will notify the relevant authorities within 1 business day and affected users as soon as possible.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via email to registered users.

10. Contact

For privacy-related inquiries:

• Email: privacy@bugspotter.io
• Company: Apex Bridge Technology LLP
• Jurisdiction: Republic of Kazakhstan (Law No. 94-V on Personal Data Protection)